also....:Boogie:
Habs geschaft dank Deiner guten Anleitung:aplaus:
MBR-Tool: Code:
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK Blacklight hat nixe gefunden!
Antimalware: Code:
Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1433
Windows 5.1.2600 Service Pack 3
01.12.2008 18:21:39
mbam-log-2008-12-01 (18-21-39).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 57956
Laufzeit: 20 minute(s), 45 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Service Agent (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Service Agent (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. Silentrunner: Code:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CCWinTray" = "C:\WINDOWS\Tray\wintmr.exe" ["Salfeld Computer"]
"LogitechSoftwareUpdate" = "C:\Programme\Logitech\Video\ManifestEngine.exe boot" ["Logitech Inc."]
"msnmsgr" = ""C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"ChicoSys" = "C:\WINDOWS\system32\cc32\webtmr.exe" ["Salfeld Computer"]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"avgnt" = ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Programme\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "C:\Programme\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"Generic Host" = "wauclt.exe" [file not found]
"Windows Defender" = ""C:\Programme\Windows Defender\MSASCui.exe" -hide" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{4E5E2224-8C27-4DAC-B5A3-6395349C8468}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\wvUmmKCS.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."] Combofix: Code:
ComboFix 08-11-30.02 - Besitzer 2008-12-01 19:04:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.200 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\SCKmmUvw.ini
c:\windows\system32\swctl.dll
c:\windows\Tasks\afpmyuqs.job
.
((((((((((((((((((((((( Dateien erstellt von 2008-11-01 bis 2008-12-01 ))))))))))))))))))))))))))))))
.
2008-12-01 18:49 . 2008-12-01 18:49 <DIR> d-------- c:\programme\Yahoo!
2008-12-01 18:33 . 2008-12-01 18:33 66,048 --a------ c:\temp\mbr(2).exe
2008-12-01 17:06 . 2008-12-01 17:06 13,596,592 --a------ c:\temp\sdsetup.exe
2008-12-01 16:10 . 2008-12-01 16:10 1,137,360 --a------ c:\temp\fsbl.exe
2008-12-01 16:08 . 2008-12-01 16:08 66,048 --a------ c:\temp\mbr.exe
2008-12-01 15:51 . 2008-12-01 15:51 9,859,464 --a------ c:\temp\mpas-fe(2).exe
2008-12-01 15:40 . 2008-12-01 15:40 <DIR> d-------- c:\programme\Trend Micro
2008-12-01 15:40 . 2008-12-01 15:40 <DIR> d-------- c:\programme\CCleaner
2008-12-01 15:25 . 2008-12-01 15:25 3,056,224 -ra------ c:\temp\ComboFix.exe
2008-12-01 15:25 . 2008-12-01 15:26 910,792 --a------ c:\temp\ccsetup214_slim.exe
2008-12-01 15:23 . 2008-12-01 15:23 812,344 --a------ c:\temp\HJTInstall.exe
2008-12-01 15:22 . 2008-12-01 15:22 318,369 --a------ c:\temp\HiJackThis.zip
2008-12-01 15:18 . 2008-12-01 15:18 9,859,464 --a------ c:\temp\mpas-fe.exe
2008-12-01 15:15 . 2008-12-01 15:15 <DIR> d-------- c:\programme\Windows Defender
2008-12-01 15:13 . 2008-12-01 15:13 894,504 --a------ c:\temp\WGAPluginInstall(2).exe
2008-12-01 13:04 . 2008-12-01 13:05 <DIR> d-------- c:\programme\Spyware Doctor
2008-12-01 13:04 . 2008-12-01 13:04 <DIR> d-------- c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PC Tools
2008-12-01 13:04 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-01 13:04 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-01 13:04 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-01 13:04 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-01 11:44 . 2008-12-01 12:14 6,503 --a------ c:\windows\system32\spupdsvc.inf
2008-12-01 10:30 . 2008-12-01 10:33 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-01 10:30 . 2008-04-14 07:52 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-12-01 10:27 . 2006-12-29 00:31 19,569 --a------ c:\windows\002817_.tmp
2008-12-01 10:22 . 2008-12-01 10:22 <DIR> d-------- c:\windows\EHome
2008-11-28 18:30 . 2008-11-28 18:30 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware
2008-11-28 18:30 . 2008-11-28 18:30 <DIR> d-------- c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
2008-11-28 18:30 . 2008-11-28 18:30 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-11-28 18:30 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 18:30 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 17:21 . 2008-12-01 17:11 <DIR> d-a------ c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 17:49 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-12-01 13:54 --------- d-----w c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org2
2008-12-01 12:13 --------- d-----w c:\programme\Spybot - Search & Destroy
2008-12-01 08:06 --------- d-----w c:\programme\Windows Live
2008-11-27 22:02 --------- d-----w c:\programme\Mozilla Thunderbird
2008-11-26 15:29 --------- d-----w c:\dokumente und einstellungen\Bärbel\Anwendungsdaten\OpenOffice.org2
2008-11-25 17:52 --------- d-----w c:\dokumente und einstellungen\Risi\Anwendungsdaten\OpenOffice.org2
2008-11-25 17:07 --------- d-----w c:\dokumente und einstellungen\Leo\Anwendungsdaten\OpenOffice.org2
2008-10-23 20:25 --------- d-----w c:\programme\Microsoft CAPICOM 2.1.0.2
2008-10-22 18:35 --------- d-----w c:\programme\Gemeinsame Dateien\Logitech
2008-10-22 18:34 --------- d--h--w c:\programme\InstallShield Installation Information
2008-10-22 18:34 --------- d-----w c:\programme\Logitech
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 12:54 --------- d-----w c:\programme\EA GAMES
2008-10-16 12:26 --------- d-----w c:\programme\DivX
2008-09-04 16:43 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCWinTray"="c:\windows\Tray\wintmr.exe" [2008-03-24 4388280]
"LogitechSoftwareUpdate"="c:\programme\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"ChicoSys"="c:\windows\system32\cc32\webtmr.exe" [2008-03-24 3977144]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-02 266497]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\Leo\Startmen\Programme\Autostart\
OpenOffice.org 2.0.lnk - c:\programme\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]
c:\dokumente und einstellungen\Risi\Startmen\Programme\Autostart\
OpenOffice.org 2.0.lnk - c:\programme\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]
c:\dokumente und einstellungen\Besitzer\Startmen\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows-CCHook-Service]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="c:\programme\Windows Live\Messenger\MsnMsgr.Exe" /background
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime
"ICQ Lite"="c:\programme\ICQLite\ICQLite.exe" -minimize
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_11\bin\jusched.exe"
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
"SiS Windows KeyHook"=c:\windows\system32\keyhook.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\ICQLite\\ICQLite.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 Windows-CCHook-Service;Windows-CCHook-Service;c:\windows\system32\cchservice.exe [2007-10-14 951984]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-06-25 264704]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{114863ec-1789-11dc-89cd-00138f03f3a1}]
\Shell\AutoRun\command - D:\pushinst.exe
*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - MBR
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners
2008-12-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{4E5E2224-8C27-4DAC-B5A3-6395349C8468} - c:\windows\system32\wvUmmKCS.dll
HKCU-Run-msnmsgr - c:\programme\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-Generic Host - wauclt.exe
Notify-cbXpmKCR - cbXpmKCR.dll
Notify-WgaLogon - (no file)
Notify-yayxutuu - yayxutuu.dll
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\peo57vhv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF -: plugin - c:\programme\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\programme\Java\jre1.5.0_11\bin\NPJava11.dll
FF -: plugin - c:\programme\Java\jre1.5.0_11\bin\NPJava12.dll
FF -: plugin - c:\programme\Java\jre1.5.0_11\bin\NPJava13.dll
FF -: plugin - c:\programme\Java\jre1.5.0_11\bin\NPJava14.dll
FF -: plugin - c:\programme\Java\jre1.5.0_11\bin\NPJava32.dll
FF -: plugin - c:\programme\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF -: plugin - c:\programme\Java\jre1.5.0_11\bin\NPOJI610.dll
FF -: plugin - c:\programme\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 19:07:01
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
Zeit der Fertigstellung: 2008-12-01 19:09:01
ComboFix-quarantined-files.txt 2008-12-01 18:08:47
Vor Suchlauf: 16 Verzeichnis(se), 15.197.286.400 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 16,193,949,696 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
177 --- E O F --- 2008-11-20 21:12:33 Filelisting:
http://www.file-upload.net/download-1289106/listing.txt.html
HJT Log File: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:08, on 01.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cchservice.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\qlketzd.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ChicoSys] C:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CCWinTray] C:\WINDOWS\Tray\wintmr.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147355829847
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29A6A6CC-CDDE-427B-A950-9DA2BC2FFF28}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1F166DA-666B-4639-BA0A-33E7B26F07EC}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{29A6A6CC-CDDE-427B-A950-9DA2BC2FFF28}: NameServer = 192.168.0.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows-CCHook-Service - Salfeld Computer - C:\WINDOWS\system32\cchservice.exe
--
End of file - 6284 bytes All right...bin gespannt wie ein Flitzebogen!!!
Saluti
revilo |